
The European Commission has announced a new action plan aimed at strengthening the European Union's cybersecurity as increasingly powerful artificial intelligence (AI)
systems reshape the digital landscape.
The plan seeks to address growing concerns that advanced AI models could be exploited by cybercriminals to identify software weaknesses, automate attacks and carry out cyber operations at greater speed and scale.
While AI is expected to improve cyber defence, EU officials say stronger safeguards are needed to ensure the technology is deployed safely. The initiative brings together EU member states, industry and cybersecurity agencies to develop common standards and strengthen resilience across Europe.
A central part of the strategy focuses on evaluating advanced AI systems before they enter the European market. Under the EU's AI Act, developers must assess potential risks and introduce measures to reduce them before their models can be made available.
To support those efforts, the Commission plans to establish a European AI evaluation capability by 2027. The new body will help assess the cybersecurity risks and capabilities of advanced AI models while supporting the work of the EU's AI Office through independent technical evaluations.
The Commission also wants to improve access to advanced AI tools for organisations working in cybersecurity. Working with the European Union Agency for Cybersecurity (ENISA), it will develop guidance setting out how public authorities and private organisations can securely access cutting-edge AI systems.
Testing will form another key element of the plan. ENISA and the Commission's Joint Research Centre will create a secure platform where AI systems can be assessed in simulated environments. The facility is expected to help organisations in sectors including finance, healthcare, energy, transport and public administration understand how AI can be used safely to strengthen cyber defences.
Officials are also encouraging organisations to improve basic cybersecurity practices, including stronger cyber hygiene, better risk management and security-by-design approaches. Businesses are urged to make greater use of existing AI tools, including open-source models, to detect software vulnerabilities more quickly and improve their ability to prevent and respond to cyberattacks.
To support this transition, ENISA will work with governments, businesses and open-source software communities to share guidance, promote best practice and launch a campaign aimed at improving the security of critical open-source software.
The Commission also hopes to strengthen Europe's AI industry through a new EU Grand Challenge on AI for cybersecurity. The competition will bring together researchers, companies and other organisations to develop new AI-powered cybersecurity solutions.
Alongside the competition, the EU plans to continue investing in domestic AI infrastructure through its AI Factories programme and future Gigafactories. Officials say a planned European technology investment initiative, announced as part of the Tech Sovereignty Package, could help attract private investment to expand Europe's AI capabilities.
The action plan builds on the EU's existing regulatory framework covering artificial intelligence and cybersecurity. Provisions under the AI Act and the General-Purpose AI Code of Practice are due to become enforceable from 2 August 2026. Additional legislation, including the Cyber Resilience Act, the NIS2 Directive, the Digital Operational Resilience Act (DORA) and the Cyber Solidarity Act, is intended to strengthen cybersecurity standards across critical sectors and improve the bloc's ability to respond to large-scale cyber threats. Photo by mikemacmarketing, Wikimedia commons.
